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3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 
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DETAILED ACTION 
Continued Examination Under 37 CFR 1.114 

1. A request for continued examination under 37 CFR 1 .1 14, including tine fee set 
forth in 37 CFR 1 .17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1 .17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on October 
30, 2008 has been entered. 

Acl(nowiedgments 

2. Applicants' amendment filed on September 30, 2008 is acknowledged. 
Accordingly claims 5, 8-12, and 51-57 remain pending. 

Claim Rejections - 35 USC § 103 

3. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the phor art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

4. Claims 5. 8-12 and 51-57 . are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Kuo et al (hereinafter "Kuo"), US Patent No. 6,230,288 B1 in view of 
Ji, US Patent No. 6,272,641 B1 . 
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5. As per claims 5 and 57 . Kuo discloses a method for protecting a networl< server 

from being used as tlie basis of an attacl< on a network client, the method comprising: 
scanning a trusted portion of said network server to find executable commands 
inserted by an unwanted party, said executable commands being associated with a 
selected programming language, wherein said trusted portion is a subset of said 
network server; and, 

at least one of editing and removing at least a portion of said executable 
commands such that said executable commands still remain in said trusted portion, but 
cannot be executed by said network client, wherein if editing, said editing of said 
executable commands comprises replacing particular characters within said executable 
commands (col. 2, lines 25-40; see col. 5, lines 20-40, which discloses that the 
SCAN. EXE performs a whitespace transformation on the text file by replacing each of 
the various whitespace sequences found in the text file with a common whitespace 
sequence, e.g. a single whitespace character such as a space). 

6. What Kuo does not explicitly disclose is: 

scanning a trusted portion of said network server to find executable commands 
inserted by an unwanted party, said executable commands being associated with a 
selected programming language, wherein said trusted portion is a subset of said 
network server 

7. Ji discloses scanning a trusted portion of said network server to find executable 
commands inserted by an unwanted party, said executable commands being 
associated with a selected programming language, wherein said trusted portion is a 
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subset of said network server (see fig. 1 , which discloses "scanner"; col. 3 lines 1 0-45, 
which discloses that the applets are statically scanned at the server by the scanner 
looking for particular instructions which may be problematic in a security context. The 
identified problematic instructions are then each instrumented, e.g. special code is 
inserted before and after each problematic instruction, where the special code calls 
respectively a prefilter and a post filter ...the instrumentation involves replacing the 
problematic instruction with another instruction...) 

Accordingly, it would have been obvious to one of ordinary skill in the art at the 
time of the invention to modify Kuo to incorporate scanning a trusted portion of said 
network server to find executable commands inserted by an unwanted party, said 
executable commands being associated with a selected programming language, 
wherein said trusted portion is a subset of said network server, in view of the teachings 
of Ji since the claimed invention is merely a combination of old and known elements 
and in the combination each element would have performed the same function as it did 
separately, and one of ordinary skill in that art would have recognized that the results of 
the combination were predictable. 

8. As per claim 8 , Kuo failed to explicitly disclose the method, further comprising 
rejecting a request when said request contains said executable command having a 
hostile character. 

Ji discloses the further comprising rejecting a request when said request contains 
said executable command having a hostile character (col. 3, lines 20-45, which 
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discloses that if the security policy is violated the particular instruction which violates the 
security policy is not executed...). 

Accordingly, it would have been obvious to one of ordinary skill in the art at the 
time of the invention to modify Kuo to incorporate the method, further comprising 
rejecting a request when said request contains said executable command having a 
hostile character in view of the teachings of Ji since the claimed invention is merely a 
combination of old and known elements and in the combination each element would 
have performed the same function as it did separately, and one of ordinary skill in that 
art would have recognized that the results of the combination were predictable. 

9. As per claim 9. Kuo further discloses the method, further comprising logging 
said executable commands to form a security log (col. 2, lines 45-55; col. 8, lines 1-10). 

10. As per claim 10 . Kuo further discloses the method, further comprising reviewing 
said security log to determine whether said executable commands are hostile (col. 6, 
lines 55-65). 

11. As per claim 51 , Kuo further discloses the method, wherein the executable 
commands cause an unwanted action when executed (col. 2, lines 55-65). 



12. As per claim 52 . Kuo further discloses the method, wherein the executable 
commands are malicious (col. 1, lines 35-50). 
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13. As per claim 53 . Kuo further discloses tine metliod, furtlier comprising receiving a 
request for connection at said networl< server from networl< client 

Ji discloses the method, further comprising receiving a request for connection at 
said network server from network client (col. 2, lines 45-60). 

Accordingly, it would have been obvious to one of ordinary skill in the art at the 
time of the invention to modify Kuo to incorporate the method, further comprising 
receiving a request for connection at said network server from network client in view of 
the teachings of Ji since the claimed invention is merely a combination of old and known 
elements and in the combination each element would have performed the same 
function as it did separately, and one of ordinary skill in that art would have recognized 
that the results of the combination were predictable. 

14. As per claim 54 . Kuo failed to explicitly disclose the method, further comprising 
verifying that a response from said network server to said network client is void of said 
executable commands 

Ji disclose the method, further comprising verifying that a response from said 
network server to said network client is void of said executable commands (col. 3, lines 
35-45). 

Accordingly, it would have been obvious to one of ordinary skill in the art at the 
time of the invention to modify Kuo to incorporate the method, further comprising 
verifying that a response from said network server to said network client is void of said 
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executable commands in view of the teachings of Ji since the claimed invention is 
merely a combination of old and known elements and in the combination each element 
would have performed the same function as it did separately, and one of ordinary skill in 
that art would have recognized that the results of the combination were predictable. 

15. As per claim 55 . Kuo failed to explicitly disclose the method, further comprising 
providing said response from said network server to said network client. 

Ji discloses the method, further comprising providing said response from said 
network server to said network client (col. 3, lines 35-65) 

Accordingly, it would have been obvious to one of ordinary skill in the art at the 
time of the invention to modify Kuo to incorporate the method, further comprising 
providing said response from said network server to said network client in view of the 
teachings of Ji since the claimed invention is merely a combination of old and known 
elements and in the combination each element would have performed the same 
function as it did separately, and one of ordinary skill in that art would have recognized 
that the results of the combination were predictable. 

16. As per claim 56 , Kuo further discloses the method of claim 5, wherein said 
programming language comprises javascript (col. 1, lines 55-65). 

17. Claims 11-12, are rejected under 35 U.S.C. 1 03(a) as being unpatentable over 
Kuo et al (hereinafter "Kuo"), US Patent No. 6,230,288 B1 in view of Ji, US Patent No. 
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6,272,641 B1 and further in view of Guheen et a! (hereinafter "Guheen") U.S. Patent No. 
6,473,794 B1 . 

18. As per claim 11 . both Kuo and Ji failed to explicitly disclose the method, wherein 
said protection of the network server is accomplished during an electronic purchase 

transaction. 

Guheen further discloses the method, wherein said protection of the network 
server is accomplished during an electronic purchase transaction (column 251, lines 34- 
36). 

Accordingly, it would have been obvious to one of ordinary skill in the art at the 
time of the invention to modify Kuo to incorporate the method, wherein said protection of 
the network server is accomplished during an electronic purchase transaction in view of 
the teachings of Guheen since the claimed invention is merely a combination of old and 
known elements and in the combination each element would have performed the same 
function as it did separately, and one of ordinary skill in that art would have recognized 
that the results of the combination were predictable. 

19. As per claim 12 . both Kuo and Ji failed to explicitly disclose the method wherein 
the electronic purchase transaction is conducted using a digital wallet 

Guheen further discloses the method, wherein the electronic purchase 
transaction is conducted using a digital wallet (column 17, Java wallet; column 261, lines 
30-53). 
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Accordingly, it would have been obvious to one of ordinary skill in the art at the 
time of the invention to modify Kuo to incorporate the method, wherein the electronic 
purchase transaction is conducted using a digital wallet in view of the teachings of 
Guheen since the claimed invention is merely a combination of old and known elements 
and in the combination each element would have performed the same function as it did 
separately, and one of ordinary skill in that art would have recognized that the results of 
the combination were predictable. 



Conclusion 

20. Examiner's Note: Examiner has cited particular columns and line numbers in 
the references as applied to the claims below for the convenience of the applicant. 
Although the specified citations are representative of the teachings in the art ad are 
applied to the specific limitations within the individual claim, other passages and figures 
may apply as well. It is respectfully requested that the applicant, in preparing the 
responses, fully consider the references in entirety as potentially teaching all or part of 
the claimed invention, as well as the context of the passage as taught by the prior art or 
disclosed by the examiner. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Charles C.L. Agwumezie whose number is (571) 272- 
6838. The examiner can normally be reached on Monday - Friday 8:00 am - 5:00 pm. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Calvin Hewitt can be reached on (571) 272 - 6709. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov . Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll free). If you would like assistance from a USPTO 
Customer Service Representative or access to the automated information system, call 
800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/Charlie C Agwumezie/ 
Primary Examiner, Art Unit 3685 
November 28, 2008 



